Your guide to data protection
In order to operate effectively, Swansea Council (the authority) has to obtain certain types of information about persons working and residing in its area.
The information the authority holds on individuals, which identifies that individual, is known as personal data. These individuals include members, former and current and prospective employees, suppliers, clients and customers.
The term personal data applies to any material which identifies a living individual, for example photographs, CCTV footage, information held on computer disk and most paper records. To ensure that the authority handles personal data lawfully and appropriately it must adhere to the latest Data Protection principles.
How long we keep data is important for individuals to know. Data retention periods are available for perusal via our website.
Data Protection Officer
Within the authority, the route for all matters relating to data protection and information management is via the Data Protection Officer (DPO). Their role consists of assisting all council services in achieving and maintaining a position of compliance with Data Protection, Freedom of Information legislation and Environmental Information regulations.
As the authority collects and processes personal data, we must register with the Information Commissioners Office (ICO) as a data controller in accordance with the Data Protection Act. If data is breached within the council, then procedures are in place to contain and investigate disclosure. The DPO is responsible for providing staff with tools to ensure they are trained in data protection. A number of e-learning courses, videos and posters are at their disposal.
If you need advice or guidance on any related topic from information security to data protection, please contact the Data Protection Officer: firstname.lastname@example.org.
Senior Information Risk Owner (SIRO)
The role of the SIRO has been included into the council's information governance to provide board-level accountability and greater assurance that information risks are being addressed. The SIRO ensures that information risks are treated as a priority for all business outcomes. They will play a vital role in getting the council to recognise the value of its information, enabling us to use it effectively.
Subject Access Requests (SARs)
Under the rights of subject access, an individual is entitled to find out what is being held about them. Individuals are only entitled to their own personal data and not to information relating to other people (unless they are acting on behalf of that person). Neither are they entitled to information simply because they may be interested in it.
Further information on a subject access request can be found on our website.
Freedom of Information (FOI)
The FOI Act 2000 provides public access to information held by public authorities. It does this in two ways:
- public authorities are obliged to publish certain information about their activities, and
- members of the public are entitled to request information from public authorities.
As a council, we have a legal obligation to provide information through an approved publication scheme under FOI. Any information that we make routinely available should be included in our Publication scheme. Further information on FOI requests can be found on our website.
The Wales Accord on the Sharing of Personal Information (WASPI)
WASPI provides a framework for service-providing organisations directly concerned with the health, education, safety, and social well being of people in Wales. In particular, it concerns those organisations that hold information about individuals and who need to share that information to deliver effective services. Further information on WASPI can be found on our website.